This document contains a summary of website content requirements and restrictions for publicly accessible Navy websites. A website satisfies the definition of being “publicly accessible” if any of the content on the website is accessible by the public via anonymous access. Restricting access by domain validation [Ref B, 3.d.1] or SSL without client-side authentication is not sufficient to be excluded from the definition of “publicly accessible”.

Authorized publicly accessible web presence:



No entity below the command level or its equivalent is authorized to establish a publicly accessible web site.

[Ref B, Chap 7]

Only commissioned units are authorized to register a domain name for a website. Non-commands are allowed to create a web presence but only as a sub-web off of an authorized web site. Sub-webs will appear as an integral part of their command level parent web site. For instance, sub-webs will be implemented with the same “theme” as the parent web site and any “home” buttons on the sub-web pages must link to the parent’s web site home page only.

A Web Site Self Assessment is required prior to registering/re-registering. Note that registration/re-registration addresses the SECNAVINST 5720.44C requirement to “designate, in writing, a primary web site manager”.

Visit http://www.public.navy.mil/fcc-c10f/niocnorfolk/Pages/default.aspx and select Site Checklist and Registration from the Web Risk Assessment pull down menu.

Register the actual site (e.g., http://www.public.navy.mil/fcc-c10f/niocnorfolk/Pages/default.aspx), not the site alias (http://www.nioc-norfolk.navy.mil).



Contain the full command’s organizational name and mailing address.

[Ref B, Chap 7]

The full command organizational name (with no abbreviations) must be prominently displayed on the web site home page.



Contain the statement "This is an official U.S. Navy web site".

[Ref B, Chap 7]

The exact phrase “This is an official U.S. Navy web site” (or U.S. Marine Corps) must be prominently displayed on the web site home page.



Contain a tailored Privacy Policy.

[Ref B, Chap 7; Ref A, Enclosure 3, figure 2]

The web site Privacy Policy or a hyperlink to the web site Privacy Policy must be prominently displayed on the web site home page.

The Privacy Policy MUST BE verbatim from Ref A. The only authorized modifications are to substitute the items indicated and to use Privacy Policy versus Privacy and Security Notice.

(Note that reference (p) below is left intact here as it relates to the list of references in Ref A of this document.)

Links to this tailored privacy policy must be labeled “Please read our Privacy Policy Notice.” as per Ref B.

Privacy Policy example per Ref A:

Quote:

PRIVACY AND SECURITY NOTICE

1. [Name of service (e.g., “Website Title”)] is provided as a public service by [name of the DoD Component(s)].

2. Information presented on this service not identified as protected by copyright is considered public information and may be distributed or copied. Use of appropriate byline, photo, and image credits is requested.

3. For site management, information is collected [Link “information is collected” to description of specific information. An example is provided after paragraph 8. in this figure] for statistical purposes. This U.S. Government computer system uses software programs to create summary statistics, which are used for such purposes as assessing what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.

4. For site security purposes and to ensure that this service remains available to all users, software programs are employed to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

5. Except for authorized law enforcement investigations and national security purposes, no other attempts are made to identify individual users or their usage habits beyond DoD websites. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration Guidelines. [Agencies subject to Reference (o) shall add the following sentence to this paragraph: “All data collection activities are in strict accordance with DoD Directive 5240.01.”]

6. Web measurement and customization technologies (WMCT) may be used on this site to remember your online interactions, to conduct measurement and analysis of usage, or to customize your experience. The Department of Defense does not use the information associated with WMCT to track individual user activity on the Internet outside of Defense Department websites, nor does it share the data obtained through such technologies, without your explicit consent, with other departments or agencies. The Department of Defense does not keep a database of information obtained from the use of WMCT. [If the DoD CIO has provided explicit written approval to use Tier III WMCT, cite that approval here.] General instructions for how you may opt out of some of the most commonly used WMCT is available at http://www.usa.gov/optout_instructions.shtml.

7. Unauthorized attempts to upload information or change information on this site are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1987 and the National Information Infrastructure Protection Act (18 U.S.C. § 1030).

8. If you have any questions or comments about the information presented here, please forward them to [contact information to report both technical and information problems with the website specifically, including accessibility problems].

Information Collected from [Name of site or “This website”] for Statistical Purposes

this is the host name (or Internet protocol (IP) address) associated with the requester (you as the visitor). In this case, the requester is coming from the xxx.yyy.net address. Depending on the requester's method of network connection, the host name (or IP address) may or may not identify the user’s specific computer. Connections via many Internet Service Providers (ISP) assign different IP addresses for each session, or only connect to the Internet via proxy servers, so the host name may only identify the ISP. The host name (or IP address) may identify a specific computer if that computer has a fixed IP address.

[28/Jan/2008:00:00:01-0500] -- this is the date and time of the request

“GET /Defense/news/nr012708.html HTTP/1.0” -- this is the location of the requested file

200 -- this is the status code - 200 is OK - the request was filled

16704 -- this is the size of the requested file in bytes

Mozilla 3.0 -- this identifies the type of browser software used to access the page, which indicates what design parameters to use in constructing the pages

www.google.com -- this indicates the last site the person visited, which indicates how people find the requested file.

Requests for other types of documents use similar information. Unless otherwise stated, no personally-identifiable information is collected.



Contain the Webmaster contact information.

[Ref B, Chap 7]

Information on how to contact the Webmaster must be displayed on the web site home page or at least contained within the source code of the home page.

Ideally, Webmaster contact information should be listed on the web site home page and should include an e-mail address, work telephone number, and work mailing address.



Contain a link to parent command or Immediate Superior in Command (ISIC).

[Ref B, Chap 7]

Please label the link with the text “Parent Command”, “Immediate Superior in Command”, or “ISIC”.

This link is required on the home page.



Contain a link to the official U.S. Navy web site: www.navy.mil.

[Ref B, Chap 7]

This link is required on the home page.



Contain a link to Navy recruiting web site: www.navy.com.

[Ref B, Chap 7]

This link is required on the home page.



Contain a link to Freedom of Information Act (FOIA) web site: www.foia.navy.mil or foia.navy.mil.

[Ref B, Chap 7]

This link is required on the home page.



Contain a link to Suicide Prevention Lifeline web site: http://www.suicidepreventionlifeline.org/Veterans/Default.aspx.

[Ref L, 3]

This link is required on the home page. Use the associated icon.



Contain a link to No Fear Act: for example link to http://www.opm.gov/about_opm/nofear/notice.asp or http://www.public.navy.mil/donhr/Pages/NoFear.aspx.

[Ref M, Comments on Notification Obligations]

This link is required on the home page.



External links to non-U.S., state, or local government web sites must be accompanied by a disclaimer statement.

[Ref A, Enclosure 3, and Ref B, Chap 7]

External links to non-government web sites that directly support the command’s mission are authorized but a disclaimer statement must be displayed on the page or pages listing external links or through an intermediate “exit notice” page.

External link disclaimer notice example:

“The appearance of hyperlinks does not constitute endorsement by the [insert sponsoring organization, i.e., Department of Defense, U.S. Army, U.S. Navy, U.S. Air Force, or U.S. Marine Corps] of non-U.S. Government sites or the information, products, or services contained therein. Although the [insert sponsoring organization] may or may not use these sites as additional distribution channels for Department of Defense information, it does not exercise editorial control over all of the information that you may find at these locations. Such links are provided consistent with the stated purpose of this website.”



Accompany all solicitations from the web site visitor with a Privacy Advisory.

[Ref B, Chap 7; Ref A, Enclosure 3]

The term “solicitation” encompasses any and all requests for submissions including surveys, forms, and Webmaster feedback.

Privacy Advisory example:

"We will not obtain personally identifying information about you when you visit our site unless you choose to provide such information to us. If you choose to send email to the site webmaster or submit an online feedback form, any contact information that you provide will be solely used to respond to your request and not stored."

Per Ref A:

The privacy advisory shall be posted on the web page where the information is being solicited or provided through a well-marked hyperlink. Providing the hyperlink via a statement, such as “Privacy Advisory: Please refer to the Privacy Policy that describes why this information is being collected and how it will be used,” is satisfactory when linked directly to the applicable portion of the Privacy Policy.



Have the written approval of SECDEF for the use of persistent cookies.

[Ref A, Enclosure 3; Ref B, Chap 7]

Cookies that remain after a browser session is terminated are persistent cookies.



A Notice and Consent Banner.

[Ref K, attach 1: A]

A verbatim Notice and Consent Banner (sometimes referred to as a DoD Warning Banner) must be prominently displayed at the access point for web sites where access is controlled by a level 3 Security and Access Control mechanism (i.e., User Authentication).

Notice and Consent Banner example:

"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.

By using this IS (which includes any device attached to this IS), you consent to the following conditions:

- Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."

Register with the DON Application and Database Management System (DADMS).

[Ref G]

Per NAVADMIN 145/07, all Navy websites must be registered with DADMS.

Please see https://www.dadms.navy.mil for details. Note that the site is CAC/PKI enabled and also requires a user account.

The DADMS Portal/Web site Registration Process Guide is available for those with DADMS accounts. DADMS Helpdesk Support: DADMS@att.com or call (703) 506-5220.

SharePoint sites hosted by another command do not need to register with DADMS (e.g., NIOC Norfolk’s public site (http://www.public.navy.mil/fcc-c10f/niocnorfolk/Pages/default.aspx) does not need to register). In addition, a Navy site hosted by another DoD component does not need to register with DADMS (e.g., NIOC Colorado’s site http://www.buckley.af.mil/units/nioc).



Register with the Joint Task Force – Global Network Operations (JTF-GNO).

[Ref H]

Please visit https://www.jtfgno.mil (a CAC/PKI enabled site) for details on Computer Tasking Order 08-012. Failure to register will prevent the site from publishing to the public. Note that this site now presents as US Cyber Forces.

Navy publicly accessible web sites must NOT contain:



Overt warning signs or words of warning or danger in association with the Privacy Policy. The Privacy Policy can only be identified with the phrase “Privacy Policy”.

[Ref A, Enclosure 3; Ref B, Chap 7]

Indicators that create a misperception of danger in association with the Privacy Policy will not be used. The Privacy Policy can only be identified with the phrase “Privacy Policy”.

Information for specialized, internal audience or of questionable value to the general public.

[Ref B, Chap 7]

Only content that is specifically targeted for the general public should be posted on web sites that have no access restrictions implemented. Content intended for an internal audience cannot be protected by domain restriction alone.

For example, you may provide a link to http://www.navy.mil/navydata/fact_display.asp?cid=4200&tid=900&ct=4 for ship characteristics for Destroyers or http://www.navy.mil/navydata/fact_display.asp?cid=4200&tid=200&ct=4 for Aircraft Carriers. Note that a ship may publish its own characteristics since the ship has release authority over the data.



Automatic posting of information submitted by unauthorized personnel.

[Ref B, Chap 7]

Web logs or blogs may not support automatic postings by unauthorized personnel.



Government Information Locator Service (GILS) ID or Number.

[Ref B, Chap 7]

The Government Information Locator Service (GILS) was discontinued Dec 2005. As a result, NIOC Norfolk no longer uploads registrations to GILS. Unfortunately, when SECNAVINST 5720.47B was published in Dec 2005 it still contained the GILS requirement. The author has been notified and will remove the reference before the next release. Note that the service once provided by the Defense Technology and Information Center (DTIC) via http://www.dtic.mil/dtic/search/dod_search.html is also no longer available.



A Notice and Consent Banner.

[Ref A, Enclosure 3]

A Notice and Consent Banner (sometimes referred to as a DoD Warning Banner) must NOT be displayed on publicly accessible Navy web sites unless it is associated with an access point for a sub-URL where access is controlled by a level 3 Security and Access Control mechanism (i.e., User Authentication).